Overview: This host is running eFront and is prone to an SQL injection vulnerability.

Vulnerability Insight: The flaw exists due to an error in 'ask_chat.php', which fails to properly sanitise input data passed via the 'chatrooms_ID' parameter.

Impact: Successful exploitation will allow remote attackers to view, add, modify or delete information in the back-end database.

Impact Level: Application.

Affected Software: eFront version 3.6.2 and prior.

Fix: No solution or patch is available as of 18th May, 2010. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.efrontlearning.net/